PT-2016-1208 · Adobe+4 · Air Sdk+7

Publicado

2016-02-09

·

Atualizado

2023-01-30

·

CVE-2016-0971

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.329 Adobe Flash Player versions 19.x Adobe Flash Player versions 20.x prior to 20.0.0.306 Adobe AIR versions prior to 20.0.0.260 Adobe AIR SDK versions prior to 20.0.0.260 Adobe AIR SDK & Compiler versions prior to 20.0.0.260 Adobe Flash Player versions prior to 11.2.202.569 on Linux
Description The issue is caused by a heap-based buffer overflow in the memory, allowing attackers to execute arbitrary code via unspecified vectors. This can be exploited by a remote attacker to execute arbitrary code.
Recommendations For Adobe Flash Player versions prior to 18.0.0.329, update to version 18.0.0.329 or later. For Adobe Flash Player versions 19.x, update to a version that is not affected by this issue. For Adobe Flash Player versions 20.x prior to 20.0.0.306, update to version 20.0.0.306 or later. For Adobe AIR versions prior to 20.0.0.260, update to version 20.0.0.260 or later. For Adobe AIR SDK versions prior to 20.0.0.260, update to version 20.0.0.260 or later. For Adobe AIR SDK & Compiler versions prior to 20.0.0.260, update to version 20.0.0.260 or later. For Adobe Flash Player versions prior to 11.2.202.569 on Linux, update to version 11.2.202.569 or later.

Exploit

Correção

Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-787

Identificadores relacionados

ALT-PU-2016-1088
BDU:2016-00469
CVE-2016-0971
MGASA-2016-0062
OPENSUSE-SU-2016_0412-1
OPENSUSE-SU-2016_0415-1
RHSA-2016:0166
RHSA-2016_0166
SUSE-SU-2016:0398-1
SUSE-SU-2016:0400-1

Produtos afetados

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Linux
Red Hat
Suse